1

In the past, I have been able to run/debug a self-developed Preference Pane in System Preferences by self-signing a copy of the System Preferences app, and setting it as the run target in Xcode.

A symbolic link is placed in ~/Library/PreferencePanes that points to the output prefPane built by Xcode and everything works... at least it used to under 10.11 through 10.14.

See: Debug System Pref Pane w/10.11 and System Integrity Protection

Under 10.15 this breaks. While the prefPane properly loads with the real (Apple-Signed) System Preferences app, when I try to run my prefPane in the self-signed copy of System Preferences, I get "Could not load preference pane". The same thing happens when trying to load any of the Apple built-in pref panes as well.

I have tried both:

codesign -s "My Developer ID" -f "/Applications/System Preferences Copy.app"

and

codesign -s - -f "/Applications/System Preferences Copy.app"

No errors are generated in the Console.

My guess is that somewhere in the loading process, it is checking to see if the System Preferences host app is signed by Apple. If I try to use the real System Preferences app as a debug target, I get a System Integrity Protection error.

Is there any way to do this without disabling SIP like there was in 10.11 to 10.14?

Vadim Kotov
  • 8,084
  • 8
  • 48
  • 62
Trygve
  • 1,317
  • 10
  • 27

1 Answers1

0

Probably, the app is subject to the restrictions of the hardened runtime. Without entitlements to ease those restrictions, it will be prevented from, for example, loading code that's not signed by Apple or an identity from the same team.

You will need to sign your copy with the --options runtime --entitlements <path> options. The path should point to a plist file of a dictionary whose keys are entitlements and values are typically booleans. For example:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
</dict>
</plist>
Ken Thomases
  • 88,520
  • 7
  • 116
  • 154
  • I tried `codesign --force --deep --options runtime --entitlements (path to above-mentioned plist) --sign (My Developer ID Cert Name) --timestamp (Path to copy of System Preferences app)`. Still gives me the same error but this feels like close to a solution. – Trygve Nov 05 '19 at 14:25
  • Disabling SIP allows System Preferences to run, but my breakpoints are never hit like they were in 10.11 to 10.14. Very frustrating indeed. – Trygve Nov 05 '19 at 16:37
  • Regarding the hardened runtime restrictions, you can see if anything is written to the console log when loading a pane fails. You can also try adding more of the entitlements to see if it needs them, too. Don't know why the breakpoints aren't working with SIP disabled. – Ken Thomases Nov 05 '19 at 16:40
  • I see from your new question that your pane may be loading in a "legacyLoader". You should double-check that that has the entitlements it needs. (I know you passed `--deep` when signing, but double-check.) – Ken Thomases Nov 05 '19 at 16:42
  • Yes. There seems to be no way to make a copy of legacyLoader and get System Preferences to load the modified one, so disabling SIP seems to be the only way as I don't want to permanently change the built-in legacyLoader. I don't mind disabling SIP on my test machine, but won't do it on my main machine. – Trygve Nov 05 '19 at 17:06